Due to the increasing size of a database, user access times and daily backups continue to increase. Which of the following would be the BEST way to address this situation?
Which of the following is the MOST important process to ensure planned IT system changes are completed in an efficient manner?
To develop a robust data security program, the FIRST course of action should be to:
An IS auditor reviewing the acquisition of new equipment would consider which of the following to be a significant weakness?
The risk that the IS auditor will not find an error that has occurred is identified by which of the following terms?
Inherent risk ratings are determined by assessing the impact and likelihood of a threat or vulnerability occurring:
An organization using instant messaging to communicate with customers can prevent legitimate customers from being impersonated by:
A company laptop has been stolen and all photos on the laptop have been published on social media. Which of the following is the IS auditor's BEST course of action?
When developing a risk-based IS audit plan, the PRIMARY focus should be on functions:
Which of the following protects against the impact of temporary and rapid decreases or increases in electricity?
Which of the following is an IS auditor's GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?
An IS auditor has assessed a payroll service provider's security policy and finds significant topics are missing. Which of the following is the auditor's BEST course of action?
Which of the following is the BEST source of information when assessing the amount of time a project will take?
The MAJOR reason for segregating test programs from production programs is to:
Which of the following is the BEST way to facilitate proper follow-up for audit findings?
A disk management system's PRIMARY function is to:
Which of the following is the GREATEST benefit of implementing an IT governance strategy within an organization?
An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner. Which of the following is the auditor's BEST recommendation?
While performing a risk-based audit, which of the following would BEST enable an IS auditor to identify and categorize risk?
Which of the following should be the MOST important consideration when establishing data classification standards?
An organization is in the process of deciding whether to allow a bring your own device (BYOD) program. If approved, which of the following should be the FIRST control required before implementation?
Which of the following controls will MOST effectively detect inconsistent records resulting from the lack of referential integrity in a database management system?
An auditor is creating an audit program in which the objective is to establish the adequacy of personal data privacy controls in a payroll process. Which of the following would be MOST important to include?
To help ensure the accuracy and completeness of end-user computing output, it is MOST important to include strong:
When conducting a follow-up audit on an organization's firewall configuration, the IS auditor discovered that the firewall had been integrated into a new system that provides both firewall and intrusion detection capabilities. The IS auditor should:
An organization has outsourced its data leakage monitoring to an Internet service provider (ISP). Which of the following is the BEST way for an IS auditor to determine the effectiveness of this service?
The MOST effective way to determine if IT is meeting business requirements is to establish:
Which of the following would be of MOST concern during an audit of an end-user computing system containing sensitive information?
A security regulation requires the disabling of direct administrator access. Such access must occur through an intermediate server that holds administrator passwords for all systems and records all actions. An IS auditor's PRIMARY concern with this solution would be that:
Which of the following should be of MOST concern to an IS auditor reviewing an organization's disaster recovery plan (DRP)?
Cross-site scripting (XSS) attacks are BEST prevented through:
Following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?
An IS auditor should ensure that an application's audit trail:
Implementing which of the following would BEST address issues relating to the aging of IT systems?
An organization uses electronic funds transfer (EFT) to pay its vendors. Which of the following should be an IS auditor's MAIN focus while reviewing controls in the accounts payable application?
Which of the following observations noted during a review of the organization's social media practices should be of MOST concern to the IS auditor?
An organization has established three IS processing environments: development, test, and production. The MAJOR reason for separating the development and test environments is
An IS auditor is involved in the user testing phase of a development project. The developers wish to use a copy of a peak volume transaction file from the production process to show that the development can cope with the required volume. What is the auditor's PRIMARY concern?
Which of the following is BEST addressed when using a timestamp within a digital signature to deliver sensitive financial information?
Which of the following is a reason for implementing a decentralized IT governance model?
Which of the following should the IS auditor do FIRST to ensure data transfer integrity for Internet of Things (IoT) devices?
Which of the following data would be used when performing a business impact analysis (BIA)?
Requiring that passwords contain a combination of numeric and alphabetic characters is MOST effective against which type of attack?
Which of the following should be an IS auditor's FIRST activity when planning an audit?
While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor's BEST course of action would be to:
During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?
During the procurement process, which of the following would be the BEST indication that prospective vendors will meet the organization's needs?
An IS auditor is evaluating the log management system for an organization with devices and systems in multiple geographic locations. Which of the following is MOST important for the auditor to verify?
During a review of an insurance company's claims system, the IS auditor learns that claims for specific medical procedures are acceptable only from females. This is an example of a:
An organization has agreed to perform remediation related to high-risk audit findings. The remediation process involves a complex reorganization of user roles as well as the implementation of several compensating controls that may not be completed within the next audit cycle. Which of the following is the BEST way for an IS auditor to follow up on their activities?
Which of the following should be of GREATEST concern to an IS auditor reviewing the controls for a continuous software release process?
A maturity model is useful in the assessment of IT service management because it:
Both statistical and nonstatistical sampling techniques:
An IS auditor notes that the anticipated benefits from an ongoing infrastructure project have changed due to recent organizational restructuring. Which of the following is the IS auditor's BEST recommendation?
To create a digital signature in a message using asymmetric encryption, it is necessary to:
Which of the following would be the GREATEST concern when an organization's disaster recovery strategy utilizes a cold site?
An organization considers implementing a system that uses a technology that is not in line with the organization's IT strategy. Which of the following is the BEST justification for deviating from the IT strategy?
Which of the following is the MOST effective way to identify anomalous transactions when performing a payroll fraud audit?
An IS auditor is conducting a pre-implementation review to determine a new system's production readiness. The auditor's PRIMARY concern should be whether:
An organization allows its employees to use personal mobile devices for work. Which of the following would BEST maintain information security without compromising employee privacy?
Which of the following is the MOST important prerequisite for implementing a data loss prevention (DLP) tool?
An organization has performance metrics to track how well IT resources are being used, but there has been little progress on meeting the organization's goals. Which of the following would be MOST helpful to determine the underlying reason?
An IS auditor is assigned to review the development of a specific application. Which of the following would be the MOST significant step following the feasibility study?
An IS auditor is asked to explain how local area network (LAN) servers can contribute to a rapid dissemination of viruses. The IS auditor's BEST response is that:
The demilitarized zone (DMZ) is the part of a network where servers that are placed are:
Which of the following should be of GREATEST concern to an IS auditor when auditing an organization's information security awareness
During a review of an organization's network threat response process, the IS auditor noticed that the majority of alerts were closed without resolution. Management responded that those alerts were unworkable due to lack of actionable intelligence, and therefore the support team is allowed to close them. What is the best way for the auditor to address the situation?
Which of the following BEST ensures that only authorized software is moved into a production environment?
Which of the following is the PRIMARY reason for an IS auditor to use computer-assisted audit techniques (CAATs)?
Which of the following is the MOST critical characteristic of a biometric system?
Which of the following factors will BEST promote effective information security management?
What is the purpose of a hypervisor?
Which of the following methods should be used to purge confidential data from write-once optical media?
Which of the following should be reviewed as part of a data integrity test?
A user of a telephone banking system has forgotten his personal identification number (PIN). After the user has been authenticated, the BEST method of issuing a new PIN is to have:
What is an IS auditor's BEST recommendation for management if a network vulnerability assessment confirms that critical patches have not been applied since the last assessment?
Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?
A security administrator should have read-only access for which of the following?
Which of the following is the GREATEST concern with conducting penetration testing on an internally developed application in the production environment?